If you do not already have an account with Amazon AWS, go to Amazon Web Services and click "Sign up". You will need the access and secret access key credentials from the sign-up later.
Guide Based Upon Ubuntu 12.04 on Amazon AWS EC2 with Chef 10.18.
Note: At this time, the steps described in this guide have only been tested on the identified platform(s). Opscode has not researched and does not support alternative steps that may lead to successful completion on other platforms. Platform(s) supported by this guide may change over time, so please check back for updates. If you'd like to follow this guide on an alternate platform, you may want to turn to open source community resources for support.
First, let's configure the local workstation.
Obtain the Chef repository used for this guide. It contains all the components required. Use git:
Chef and Knife
If the workstation where you are running Knife is an Ubuntu or Debian system, you will need to install additional development packages before installing knife-ec2:
You will need to install the knife-ec2 Ruby gem to launch instances in Amazon EC2:
As part of the Chef Fast Start Guide, you cloned a chef-repo and copied the Knife configuration file (knife.rb), validation certificate (ORGNAME-validator.pem) and user certificate (USERNAME.pem) to
Add the Amazon AWS credentials to the Knife configuration file.
Add the following two lines to the end:
Once the nagios-quick-start repository and the Knife configuration are in place, we'll work from this directory.
Amazon AWS EC2
In addition to the credentials, two more things need to be configured in the AWS account.
Configure the default security group to allow incoming connections for the following ports.
Add these to the default security group for the account using the AWS Console.
1. Sign into the Amazon AWS Console.
Create an SSH Key Pair and save the private key in
1. In the AWS Console, click on "Key Pairs" in the left sidebar.
The nagios-quick-start repository has all the cookbooks we need for this guide. They were downloaded along with their dependencies from the cookbooks site using Knife. These are in the
Upload all the cookbooks to Hosted Chef.
All the required roles have been created in the nagios-quick-start repository. They are in the
Upload all the roles to Hosted Chef.
Data Bag Item
The nagios-quick-start repository contains a data bag item that has information about a default user that can log into the Nagios web interface, nagiosadmin.
The data bag name is users and the item name is nagiosadmin. Upload this to Hosted Chef.
Launch Single Instance
We are going to use an m1.small instance with the 64 bit Ubuntu 12.04 (Precise) image provided by Canonical. The identifier is ami-43e2772a for the AMI in us-east-1 with instance storage that we will use in this guide. We'll show you the
This command will:
Launch the Nagios monitoring server on a single instance.
Once complete, the instance will be running Nagios.
Knife will output the fully qualified domain name of the instance when the command completes. You can navigate to the Nagios instance with:
The login is nagiosadmin and the password is nagios.
Adding Service Checks
New service checks can be added easily. Update the services.cfg.erb template. If necessary, update the commands.cfg.erb template for an additional command. Then upload the cookbook.
If the check is for all hosts, use hostgroup_name all.
If the check is for a certain role, such as monitoring, make sure it only gets enabled in the configuration if that role exists. For example:
If the service check doesn't already exist in the commands.cfg.erb, add it.
Upload the Nagios cookbook and run chef on the monitoring node.
Refer to the Nagios Documentation for more information about writing Nagios service check definitions.
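The role guard described above matters because Nagios refuses to load a configuration that references a hostgroup with no definition, which would take monitoring down. The following is an added example, not code from the original guide or the nagios cookbook: it renders a constructed services.cfg.erb-style fragment with Ruby's ERB, and the @roles variable and both service definitions are assumptions for illustration.

```ruby
require 'erb'

# Constructed fragment in the style of services.cfg.erb. The @roles variable
# and both service definitions are assumptions, not the cookbook's template.
SERVICES_FRAGMENT = <<~'TEMPLATE'
  define service {
    service_description SSH
    hostgroup_name all
    check_command check_ssh
  }
  <% if @roles.include?('monitoring') -%>
  define service {
    service_description Nagios
    hostgroup_name monitoring
    check_command check_nagios
  }
  <% end -%>
TEMPLATE

# Minimal stand-in for the template context Chef would supply.
class TemplateContext
  def initialize(roles)
    @roles = roles
  end

  def template_binding
    binding
  end
end

# Render the fragment for a given list of role names.
def render_services(roles)
  context = TemplateContext.new(roles).template_binding
  ERB.new(SERVICES_FRAGMENT, trim_mode: '-').result(context)
end

# Hostgroups referenced by the rendered configuration.
def hostgroups(rendered)
  rendered.scan(/^[ \t]*hostgroup_name[ \t]+(\S+)/).flatten
end

if __FILE__ == $PROGRAM_NAME
  puts render_services(%w[base monitoring])
end
```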
Adding NRPE Checks
To add a new NRPE check, create the entry in nrpe.cfg.erb. For example, to add a check for a process named "chef-client":
Then upload the cookbook and run chef on the client systems, and the plugin will be enabled via NRPE.
Refer to the Nagios Documentation for more information about NRPE.
Adding New Plugin Scripts
If you've found a cool Nagios plugin you'd like to use, you can distribute it to nodes with the cookbook files directory.
Then update the commands.cfg.erb for the new command, and enable a service check by adding an entry in services.cfg.erb, per the sections above.
Refer to the Nagios Documentation for more information about Nagios Plugins.
The data bag item for dbapp contains default passwords that should certainly be changed to something stronger.
The passwords in the dbapp Data Bag Item are set to the values shown below:
To change the passwords to something stronger, modify the mysql_root, mysql_debian and mysql_repl values. Something like the following secure passwords:
Once the entries are modified, simply load the data bag item from the json file:
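One way to replace the defaults before loading the item, as an added example that is not part of the original guide: it finds every string in a data bag item that still equals one of the default values named above and swaps in a random password. The item layout (key names and the `_default` level) is constructed for illustration and is an assumption about the dbapp item.

```ruby
require 'json'
require 'securerandom'

# Default values the guide names for the dbapp item.
DEFAULT_PASSWORDS = %w[mysql_root mysql_debian mysql_repl].freeze

# Constructed sample item; the key names and nesting are assumptions.
SAMPLE_ITEM = {
  'id' => 'dbapp',
  'mysql_root_password' => { '_default' => 'mysql_root' },
  'mysql_debian_password' => { '_default' => 'mysql_debian' },
  'mysql_repl_password' => { '_default' => 'mysql_repl' }
}.freeze

# Yield [path, value] for every string leaf in the item.
def string_leaves(node, path = [], &block)
  case node
  when Hash   then node.each { |k, v| string_leaves(v, path + [k], &block) }
  when Array  then node.each_with_index { |v, i| string_leaves(v, path + [i], &block) }
  when String then yield path, node
  end
end

# Dotted paths of entries that still hold a default password.
def weak_entries(item)
  found = []
  string_leaves(item) do |path, value|
    found << path.join('.') if DEFAULT_PASSWORDS.include?(value)
  end
  found
end

# Return a deep copy of the item with every default replaced by a
# 32-character random password (24 random bytes, URL-safe base64).
def rotate_defaults(item)
  rotated = JSON.parse(JSON.generate(item))
  string_leaves(item) do |path, value|
    next unless DEFAULT_PASSWORDS.include?(value)
    parent = path[0..-2].reduce(rotated) { |node, key| node[key] }
    parent[path.last] = SecureRandom.urlsafe_base64(24)
  end
  rotated
end

puts JSON.pretty_generate(rotate_defaults(SAMPLE_ITEM)) if __FILE__ == $PROGRAM_NAME
```

Running `weak_entries` on the JSON file before loading it gives a quick check that no default is left in place.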
For people not using Amazon EC2, other cloud computing providers can be used. Supported by knife and fog as of this revision:
See Launch Cloud Instances with Knife for more information about using Knife to launch these instance types.
For people who are not using a cloud provider at all but have their own infrastructure and hardware, use the Knife Bootstrap knife command. Note that the run-list specification is slightly different. For the first example of the single instance:
See the contextual help for knife bootstrap for the additional options to set for SSH.
A Note about EC2 Instances
We used m1.small instances. This is a low performance instance size in EC2 and just fine for testing. Visit the Amazon AWS documentation to learn more about instance sizes.